[cisco-voip] R: Jabber Mobile 11.7 don't Store SSo User Credential
Ankur Srivastava
ansrivastava at linkedin.com
Sun Oct 2 04:16:43 EDT 2016
You can increase the timer to a really long duration or turn it off
globally in cucm. There is no third choice.
On Oct 2, 2016 13:09, "Alessandro Bertacco" <bertacco.alessandro at alice.it>
wrote:
> Thank you Ankur,
>
> so the only way to make Jabber mobile usable is to disable SSO?
>
>
>
> Is it possible to disable SSO only for the Jabber Client? Or I’ll need to
> disable SSO globally?
>
>
>
> Thank you again.
>
>
>
> Regards
>
>
>
> Alessandro
>
>
>
>
>
> *Da:* Ankur Srivastava [mailto:ansrivastava at linkedin.com]
> *Inviato:* domenica 2 ottobre 2016 05:54
> *A:* Alessandro Bertacco <bertacco.alessandro at alice.it>
> *Cc:* voip puck <cisco-voip at puck.nether.net>
> *Oggetto:* Re: [cisco-voip] Jabber Mobile 11.7 don't Store SSo User
> Credential
>
>
>
> Also you can't save any credentials because Jabber is not prompting for
> login it's the ADFS which prompts for it. Jabber just opens a web-wrapper
> and loads a http link for ADFS.
>
> So there is no way for the Jabber client to know what credentials you
> entered in that pop-up.
>
> Regards,
> Ankur
>
>
>
> On Oct 2, 2016 09:19, "Ankur Srivastava" <ansrivastava at linkedin.com>
> wrote:
>
> Hi Alessandro,
>
> When you enable SSO then CUCM does not control the authentication process
> and at every login Expressway or CUCM will reach out to ADFS to confirm if
> the user is authorised or not.
>
> ADFS verifies the last SSO cookie to confirm whether it should allow the
> request or prompt for login. CUCM or Expressway can't control this behavior.
>
> So your users are being prompted for login because the SSO cookies expire
> and ADFS requests re-Authentication. You do not have any way to work around
> this. This is how SSO works.
>
> If you want less prompts you can increase the SSO timers on ADFS to not to
> expire for 2-3 days, but that will affect all SSO requests not just UC.
>
> Regards,
> Ankur
>
>
>
> On Oct 2, 2016 02:37, "Alessandro Bertacco" <bertacco.alessandro at alice.it>
> wrote:
>
> We have UC environment all in version 11.0 (CUCM, CUPS, CUC), and we use
> Jabber 11.7 on all platform, Windows, MAC, IOS and Android
>
>
>
> SSO authentication enabled using Microsoft ADFS 2.0 as IDP.
>
>
>
> SSO works fine from all devices, and on Windows Domain computer SSO User
> Credential are pushed directly from the Operating System to the SSO
> Infrastructure, so user need only to open Jabber Client and do nothing to
> login.
>
>
>
> Instead, from Jabber for mobile device, SSO authentication Works, inside
> and outside troughs Expressway C/E infrastructure but Users credential
> aren’t stored on mobile devices.
>
>
>
> So, every day, when user start up their Smartphone, Jabber presents SSo
> IDp popup that ask Users to authenticate. You understand that this make
> UnUsable Jabber Mobile, because users don’t want to be bored for
> Credentials every day.
>
>
>
> I’ve also opened a TAC but Engineer don’t find the route cause.
>
>
>
> Someone of you have a working implementations of SSO Authentication
> Infrastructure with Jabber Mobile clients that store users credential and
> pass it automatically to IDP during the Jabber Login ?
>
>
>
> Can you help me or suggest something?
>
>
>
> This is make me crazy, and customer wants to rollback to SSO disabled. Is
> that the final solution?
>
>
>
> Thank you.
>
>
>
> Regards
>
>
>
> Alessandro
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20161002/446e8de8/attachment.html>
More information about the cisco-voip
mailing list